Bug#628525: libsasl2-modules-gssapi-mit: authentication now fails always
Ondřej Surý
ondrej at sury.org
Mon May 30 21:17:00 UTC 2011
On Mon, May 30, 2011 at 20:08, brian m. carlson
<sandals at crustytoothpaste.net> wrote:
> On Mon, May 30, 2011 at 12:12:46PM +0200, Ondřej Surý wrote:
>> is it auxprop or saslauthd based?
>
> Sendmail uses saslauthd. Dovecot (for IMAP) uses its own SASL
> implementation. On the server, the new version is installed. It's only
> when the client uses the new version that problems occur.
Thanks, that's good to know.
>> Could you please test using sample-sasl-{client,server} for auxprop
>> and testsaslauthd for saslauthd?
>>
>> And post results here?
>
> castro ok % sudo testsaslauthd -u bmc -p "not the real password" -r CRUSTYTOOTHPASTE.NET
> 0: OK "Success."
So, this should fail and it is not failing, that's bad.
> I can also point out that plaintext authentication against the Kerberos
> database works fine.
>
>> Also would you be willing to help us setup testing krb environment?
>> I'll create a kvm image with krb5 and will test new releases with
>> that, but it's very hard to debug something we don't use :(.
>
> I can do that. Since you're a DD, I'm also happy to give you an account
> on the server so that you can try to send and receive mail normally.
> Simply give me your preferred username and I'll generate a random
> Kerberos password (which I'll send you encrypted under your public key)
> that you can use to acquire and use Kerberos credentials.
username: ondrej
> For the /etc/krb5.conf:
>
> [realms]
> CRUSTYTOOTHPASTE.NET = {
> kdc = castro.crustytoothpaste.net
> admin_server = castro.crustytoothpaste.net
> }
Thanks, that's very helpful and it should help me to nail down the
problem more quickly. There was some fixes related to CR LF handling,
so maybe something is broken there.
O.
--
Ondřej Surý <ondrej at sury.org>
More information about the Pkg-cyrus-sasl2-debian-devel
mailing list